Running Varnish 4.x on systemd

Oh Dear! monitors your entire site, not just the homepage. We crawl and search for broken pages and mixed content, send alerts when your site is down and notify you on expiring SSL certificates.

Start your free 10 day trial! »

Image of Mattias Geniar

Mattias Geniar, March 15, 2015

Follow me on Twitter as @mattiasgeniar

If you’re thinking about running Varnish 4.x on a systemd system, you may be surprised that many of your “older” configs no longer work.

Now I don’t mean the actual VCL files, those have a seriously changed syntax and there are proper documentations on handling a 3.x to 4.x upgrade.

I mean the /etc/sysconfig/varnish config, that will no longer work in a systemd world. It’s being replaced by a /etc/varnish/varnish.params file, that is being included by systemd.

To see what’s going on under the hood, check out the systemd configuration file at /usr/lib/systemd/system/varnish.service.

$ cat /usr/lib/systemd/system/varnish.service
[Unit]
Description=Varnish a high-perfomance HTTP accelerator
After=syslog.target network.target

[Service]
# Maximum number of open files (for ulimit -n)
LimitNOFILE=131072

# Locked shared memory (for ulimit -l)
# Default log size is 82MB + header
LimitMEMLOCK=82000

# Maximum size of the corefile.
LimitCORE=infinity

EnvironmentFile=/etc/varnish/varnish.params

Type=forking
PIDFile=/var/run/varnish.pid
PrivateTmp=true
ExecStartPre=/usr/sbin/varnishd -C -f $VARNISH_VCL_CONF
ExecStart=/usr/sbin/varnishd \
    -P /var/run/varnish.pid \
    -f $VARNISH_VCL_CONF \
    -a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
    -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
    -t $VARNISH_TTL \
    -u $VARNISH_USER \
    -g $VARNISH_GROUP \
    -S $VARNISH_SECRET_FILE \
    -s $VARNISH_STORAGE \
    $DAEMON_OPTS

ExecReload=/usr/sbin/varnish_reload_vcl

[Install]
WantedBy=multi-user.target

Most importantly, it loads the file /etc/varnish/varnish.params that can/should contain environment variables, that you can use to manipulate the systemd service.

At the very end, it contains the $DAEMON_OPTS variable. Previous sysconfig files would have that contain the entire startup parameter for varnish, including the -a parameter (what port to listen on), -S (the secret file), … etc. With the Varnish 4.x configs on systemd, the $DAEMON_OPTS should only contain the additional parameters that aren’t already specified in the varnish.service file.

For example, you should limit the varnish.params file to something like this.

$ cat /etc/varnish/varnish.params
# Varnish environment configuration description. This was derived from
# the old style sysconfig/defaults settings
RELOAD_VCL=1
VARNISH_VCL_CONF=/etc/varnish/default.vcl
VARNISH_LISTEN_PORT=80
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
VARNISH_SECRET_FILE=/etc/varnish/secret
VARNISH_STORAGE="file,/var/lib/varnish/varnish_storage.bin,1G"
VARNISH_TTL=120
VARNISH_USER=varnish
VARNISH_GROUP=varnish
#DAEMON_OPTS="-p thread_pool_min=5 -p thread_pool_max=500 -p thread_pool_timeout=300"

If you’re migrating from a sysconfig-world, one of the most important changes is that the systemd-config requires a user and group environment variable, which wasn’t set previously.

$ cat /etc/varnish/varnish.params
...
VARNISH_USER=varnish
VARNISH_GROUP=varnish
...

For all other changed parameters in the $DAEMON_OPTS list, check out the Varnish man-pages (man varnishd) that contain very accurate documentations on what parameters are allowed and which have been changed.



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.